Insights and intelligence from analyst Freeform Dynamics on the here and now of IT

Monday, 28 April 2008

New technology brings new risks

The future of IT security seems like a straightforward discussion – focused, straight and to the point.

Nothing, however, could be further from the truth. Businesses need to understand the risks and implement mitigating strategies if they want to keep ahead of the bad guys.

There are three types of organisation: those who get security and have ongoing risk management activities in place; those that understand security but struggle to implement appropriate measures; and those who think that e-crime will pass them by if they just keep their heads down.

For most, the future of IT security will be much like the present. There will always be people who spend most of their waking hours decoding encryption algorithms and looking for back doors into telephone networks.

But there is also an evolving economy built around the market value of credit card details and the ability to launch denial of service attacks from unsuspecting – and generally poorly configured – home computers.

And IT leaders also need to consider risks caused by their own employees, be they through malice or stupidity. Internal workers have always posed the biggest threat to computer systems – even before product categories, such as data leakage prevention, were posited.

So, what does the future of IT security include? As a starting point, it is worth reflecting on the wider long-term development of technology. There are a number of trends driving how organisations deploy and operate their IT systems – and these threats will have a direct impact on a broad range of areas.

Outsourcing and offshoring

The offshore resourcing market continues to develop, with Indian companies such as Wipro setting up in the UK and other local companies expanding their offshore operations.

Security risks range from the difficulties associated with vetting offshore staff, to the challenge of maintaining business information at offshore locations.

Hosting and software as a service (SaaS)

We are not yet seeing wholesale mass adoption of the SaaS model, mainly because the technology is still maturing across areas such as data integration. The risks are similar to the information integrity concerns associated with outsourcing.

Service-oriented architectures and Web 2.0

Both of these topic areas share the risks of using distributed system architectures that may extend beyond the corporate firewall. As well as being open to confidentiality breaches and denial of service attacks, there are also threats surrounding the publishing of interfaces onto corporate systems. In some instances, the interface itself may be confined to company use.

Virtualisation and datacentre automation

Virtualisation offers a quick win for many organisations, helping IT leaders to consolidate applications onto a reduced set of physical servers. The centralised control of preconfigured virtual servers can reduce security risks. But there is also the issue of virtual server proliferation and the potential for mismanagement, which could potentially leave virtual servers open to breach.

Mobility and unified communications (UC)

Suppliers are working hard to deliver on the concept of enabling users to communicate with each other as simply and seamlessly as possible. But UC also presents a two-edged sword, and IT managers need to be prepared for exploitation problems, particularly around spam calls.

Social networking

We are already seeing some of the security challenges that social networking can pose in terms of privacy and identity issues, for example. There are other risks that, to our knowledge, no one has exploited, such as pulling together composite identities of individuals across social networking sites.

Social networking presents a range of personal security issues, but corporate implications across duty of care also create concerns.

The above list of potential risks demonstrates that continued vigilance is only part of the answer. Risk management processes and policies are also crucial, and should be a fundamental part of any organisation’s security strategy.

Moreover, all of the above risks share one important element: they affect all parts of the IT architecture. Such risks cannot be mitigated by tactically acquiring a specialist appliance and implementing it in the server room.

If IT security is to be characterised by having a far-reaching impact, then we need to consider how the roles responsible for IT security have a similarly far-reaching remit.

We are already seeing some organisations – HSBC, for example – combining their IT security function with a business fraud function, enabling the institution to deal with business and IT issues from the same point.

I have often characterised IT as a fire extinguisher industry, an analogy that makes sense if all people are doing is fighting fires. Challenges, such as the security issues listed above, will require us to move towards a prevention-based approach rather than a series of poorly-funded coping strategies.

And frankly, given that the trends are happening whether organisations want them to or not, the sooner we can get there the better.

Jon Collins is service director at analyst Freeform Dynamics.

Monday, 30 July 2007

Mapping my way to organisation

I’m probably showing my age by recalling the classic Rowan Atkinson after dinner speech, which starts: “Where … are we going?” After a number of increasingly convoluted questions, he terminates with: “And have we got a map?” Given the fact he was playing a crusty old buffer it may be fair to say that the sketch was timeless; as, funnily enough, was the advice he was giving.

It will come as no surprise to those who know me to say that I’m not among the most organised of souls. In Belbin terms my preference tends more towards the creative plant than the completer-finisher – though truth be told, this could be as much down to the relative ease with which one can arrive, sprinkle a few ideas and depart quickly, before the hard work of actually achieving something really begins. When it comes to knuckling down, I’m no shirk – but let’s just say easily distracted. Like Rimmer in Red Dwarf, I have been known to put as much effort (if not more) into perfectly crafted, multicoloured revision timetables, as doing any actual revision.

Always on the look-out for labour-saving devices, it can come as some surprise when one of them actually works. And so it was that I stumbled across mind mapping a few years ago, my first, jackdaw-like tendency to seize the opportunity to draw some more pretty pictures overwhelming any thought that they might actually be of help. After a preliminary stab, it was only when I listened to a couple of tapes by Michael Gelb that I really grasped the potential – and discipline – of mind mapping. With his smooth American tones I have the feeling that Mr Gelb could probably explain the art of fish filleting to seals quite convincingly, but whatever. I was hooked.

When I first dabbled in mind mapping, there was no real software tool that cut the mustard – which was fine, I had my multicoloured pens. I did try out a couple of packages at the time: there was MindMan for Windows, which at the time was little more than a drawing tool; there were also packages that enabled outlining of ideas – not least Microsoft Word, but also BrainStorm from David Tebbutt and programs like BrainForest for Palm – a product that I found so useful, it could well have seen me relying on the Palm platform to this day. Unsurprising for a flighty mind like mine however, I have never stuck with any single product, preferring to try new capabilities as time passed.

Mind maps can be used for a whole variety of things, but where I have found them the most useful is in getting my own life organised. I have recently been playing with the latest version of Mind Manager, version 7 (which happens to be the successor to MindMan), and I am rediscovering the strength of the core concept – the mind map – as a highly scalable graphical device. If (perish the thought) I suddenly remember a bunch of things I am supposed to be doing, I can add them to a map with relative ease, and use this as the basis for prioritisation. The same principle has applied when I have used maps for structuring reports or defining problem solving approaches: the map is a very efficient way to grow a corpus of information.

In practical terms, right now I have a complete picture of everything I’m supposed to be doing. There are a couple of features of the new product that really help me with this – the first is a single key combination to add priorities to map elements, and the second is a very intuitive map filter. If I just want to see priority-one items I can do so, avoiding the more general clutter. It’s not perfect – it lacks the ability to review priorities in the light of what I should really be getting on with, rather than what I find most interesting – but it would take more than a software tool to enable that!

While I may be back on the hook, the question is – will I wriggle off again? The main weakness I have found with such products in the past is that they were great at visualising ideas, and outlining, but lacked capabilities when I wanted to grow them in new directions – such as moving from individual to even more complex maps, from personal to team organisation, or integrating better with the other tools I use to do my job. I understand these are the issues Mind Manager 7 is seeking to address, so the proof of the pudding will be how far I progress with the tool before I find it becoming a constraint.

To my mind, the “killer app” for mind mapping remains that it is a personal productivity device – I would advise against trying to roll it out (as a capability or as a tool) for anything broader, in the first instance. While I do believe that initially, individuals need to discover the potential of mind mapping for themselves, I can see the benefits of broader application, across the team or even the organisation – information can be presented in a map succinctly and readably even to the non-initiated, for example. Will companies become suddenly more profitable as a result of mind mapping? I doubt it, but then, in this increasingly socially networked world we live in, perhaps mind mapping techniques could offer at least part of the answer.

It’s always fun to speculate about greater things, but for myself, right now, there is only one question. Will I stick with it? To be honest I don’t know – but for the time being, it is exactly what I need.

By Jon Collins
